public class CryptographyAsyncClient extends Object

The `CryptographyAsyncClient` provides asynchronous methods to perform cryptographic operations using asymmetric and symmetric keys. The client supports encrypt, decrypt, wrap key, unwrap key, sign and verify operations using the configured key.

Samples to construct the async client

```java
// Client for a key identified by its key ID, authenticated with the supplied credential.
CryptographyAsyncClient cryptographyAsyncClient = new CryptographyClientBuilder()
    .keyIdentifier("<your-key-id>")
    .credential(new DefaultAzureCredentialBuilder().build())
    .buildAsyncClient();
```

```java
// Client built from a JsonWebKey supplied by the caller.
JsonWebKey jsonWebKey = new JsonWebKey().setId("SampleJsonWebKey");
CryptographyAsyncClient cryptographyAsyncClient = new CryptographyClientBuilder()
    .jsonWebKey(jsonWebKey)
    .buildAsyncClient();
```

See Also: `CryptographyClientBuilder`
Modifier and Type | Method and Description |
---|---|
`Mono<DecryptResult>` | `decrypt(DecryptParameters decryptParameters)` Decrypts a single block of encrypted data using the configured key and specified algorithm. |
`Mono<DecryptResult>` | `decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext)` Decrypts a single block of encrypted data using the configured key and specified algorithm. |
`Mono<EncryptResult>` | `encrypt(EncryptionAlgorithm algorithm, byte[] plaintext)` Encrypts an arbitrary sequence of bytes using the configured key. |
`Mono<EncryptResult>` | `encrypt(EncryptParameters encryptParameters)` Encrypts an arbitrary sequence of bytes using the configured key. |
`Mono<KeyVaultKey>` | `getKey()` Gets the public part of the configured key. |
`Mono<com.azure.core.http.rest.Response<KeyVaultKey>>` | `getKeyWithResponse()` Gets the public part of the configured key. |
`Mono<SignResult>` | `sign(SignatureAlgorithm algorithm, byte[] digest)` Creates a signature from a digest using the configured key. |
`Mono<SignResult>` | `signData(SignatureAlgorithm algorithm, byte[] data)` Creates a signature from the raw data using the configured key. |
`Mono<UnwrapResult>` | `unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey)` Unwraps a symmetric key using the configured key that was initially used for wrapping that key. |
`Mono<VerifyResult>` | `verify(SignatureAlgorithm algorithm, byte[] digest, byte[] signature)` Verifies a signature using the configured key. |
`Mono<VerifyResult>` | `verifyData(SignatureAlgorithm algorithm, byte[] data, byte[] signature)` Verifies a signature against the raw data using the configured key. |
`Mono<WrapResult>` | `wrapKey(KeyWrapAlgorithm algorithm, byte[] key)` Wraps a symmetric key using the configured key. |
public Mono<KeyVaultKey> getKey()
Requires the `keys/get` permission for non-local operations.

Code Samples

Gets the configured key in the client. Subscribes to the call asynchronously and prints out the returned key details when a response has been received.

```java
cryptographyAsyncClient.getKey()
    .contextWrite(Context.of("key1", "value1", "key2", "value2"))
    .subscribe(key ->
        System.out.printf("Key returned with name: %s, and id: %s.%n", key.getName(), key.getId()));
```

public Mono<com.azure.core.http.rest.Response<KeyVaultKey>> getKeyWithResponse()
Requires the `keys/get` permission for non-local operations.

Code Samples

Gets the configured key in the client. Subscribes to the call asynchronously and prints out the returned key details when a response has been received.

```java
cryptographyAsyncClient.getKeyWithResponse()
    .contextWrite(Context.of("key1", "value1", "key2", "value2"))
    .subscribe(keyResponse ->
        System.out.printf("Key returned with name: %s, and id: %s.%n",
            keyResponse.getValue().getName(), keyResponse.getValue().getId()));
```

public Mono<EncryptResult> encrypt(EncryptionAlgorithm algorithm, byte[] plaintext)
Requires the `keys/encrypt` permission for non-local operations.

The encryption algorithm indicates the type of algorithm to use for encrypting the specified `plaintext`. Possible values for asymmetric keys include: `RSA1_5`, `RSA_OAEP` and `RSA_OAEP_256`. Possible values for symmetric keys include: `A128CBC`, `A128CBCPAD`, `A128CBC-HS256`, `A128GCM`, `A192CBC`, `A192CBCPAD`, `A192CBC-HS384`, `A192GCM`, `A256CBC`, `A256CBCPAD`, `A256CBC-HS512` and `A256GCM`.

Code Samples

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when a response has been received.

```java
// Sample input only: 100 bytes from a seeded java.util.Random, so the run is repeatable.
byte[] plaintext = new byte[100];
new Random(0x1234567L).nextBytes(plaintext);

cryptographyAsyncClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plaintext)
    .contextWrite(Context.of("key1", "value1", "key2", "value2"))
    .subscribe(encryptResult ->
        System.out.printf("Received encrypted content of length: %d, with algorithm: %s.%n",
            encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString()));
```

Parameters:
- `algorithm` - The algorithm to be used for encryption.
- `plaintext` - The content to be encrypted.

Returns:
- A `Mono` containing an `EncryptResult` whose cipher text contains the encrypted content.

Throws:
- `NullPointerException` - If `algorithm` or `plaintext` are `null`.
- `com.azure.core.exception.ResourceNotFoundException` - If the key cannot be found for encryption.
- `UnsupportedOperationException` - If the encrypt operation is not supported or configured on the key.

public Mono<EncryptResult> encrypt(EncryptParameters encryptParameters)
Requires the `keys/encrypt` permission for non-local operations.

The encryption algorithm indicates the type of algorithm to use for encrypting the specified `plaintext`. Possible values for asymmetric keys include: `RSA1_5`, `RSA_OAEP` and `RSA_OAEP_256`. Possible values for symmetric keys include: `A128CBC`, `A128CBCPAD`, `A128CBC-HS256`, `A128GCM`, `A192CBC`, `A192CBCPAD`, `A192CBC-HS384`, `A192GCM`, `A256CBC`, `A256CBCPAD`, `A256CBC-HS512` and `A256GCM`.

Code Samples

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when a response has been received.

```java
// Sample input only: 100 bytes from a seeded java.util.Random, so the run is repeatable.
byte[] plaintextBytes = new byte[100];
new Random(0x1234567L).nextBytes(plaintextBytes);

// Fixed IV for illustration only. Generate a fresh, unpredictable IV (for example with SecureRandom)
// for every encryption and keep it with the ciphertext; the same IV is needed for decryption.
byte[] iv = {
    (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd,
    (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04
};

EncryptParameters encryptParameters = EncryptParameters.createA128CbcParameters(plaintextBytes, iv);

cryptographyAsyncClient.encrypt(encryptParameters)
    .contextWrite(Context.of("key1", "value1", "key2", "value2"))
    .subscribe(encryptResult ->
        System.out.printf("Received encrypted content of length: %d, with algorithm: %s.%n",
            encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString()));
```

Parameters:
- `encryptParameters` - The parameters to use in the encryption operation.

Returns:
- A `Mono` containing an `EncryptResult` whose cipher text contains the encrypted content.

Throws:
- `NullPointerException` - If `algorithm` or `plaintext` are `null`.
- `com.azure.core.exception.ResourceNotFoundException` - If the key cannot be found for encryption.
- `UnsupportedOperationException` - If the encrypt operation is not supported or configured on the key.

public Mono<DecryptResult> decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext)
Requires the `keys/decrypt` permission for non-local operations.

The encryption algorithm indicates the type of algorithm to use for decrypting the specified encrypted content. Possible values for asymmetric keys include: `RSA1_5`, `RSA_OAEP` and `RSA_OAEP_256`. Possible values for symmetric keys include: `A128CBC`, `A128CBCPAD`, `A128CBC-HS256`, `A128GCM`, `A192CBC`, `A192CBCPAD`, `A192CBC-HS384`, `A192GCM`, `A256CBC`, `A256CBCPAD`, `A256CBC-HS512` and `A256GCM`.

Code Samples

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content details when a response has been received.

```java
// Placeholder bytes; in practice this is the cipher text returned by the encrypt operation.
byte[] ciphertext = new byte[100];
new Random(0x1234567L).nextBytes(ciphertext);

cryptographyAsyncClient.decrypt(EncryptionAlgorithm.RSA_OAEP, ciphertext)
    .contextWrite(Context.of("key1", "value1", "key2", "value2"))
    .subscribe(decryptResult ->
        System.out.printf("Received decrypted content of length: %d%n", decryptResult.getPlainText().length));
```

Parameters:
- `algorithm` - The algorithm to be used for decryption.
- `ciphertext` - The content to be decrypted.

Returns:
- A `Mono` containing the decrypted blob.

Throws:
- `NullPointerException` - If `algorithm` or `ciphertext` are `null`.
- `com.azure.core.exception.ResourceNotFoundException` - If the key cannot be found for decryption.
- `UnsupportedOperationException` - If the decrypt operation is not supported or configured on the key.

public Mono<DecryptResult> decrypt(DecryptParameters decryptParameters)
Requires the `keys/decrypt` permission for non-local operations.

The encryption algorithm indicates the type of algorithm to use for decrypting the specified encrypted content. Possible values for asymmetric keys include: `RSA1_5`, `RSA_OAEP` and `RSA_OAEP_256`. Possible values for symmetric keys include: `A128CBC`, `A128CBCPAD`, `A128CBC-HS256`, `A128GCM`, `A192CBC`, `A192CBCPAD`, `A192CBC-HS384`, `A192GCM`, `A256CBC`, `A256CBCPAD`, `A256CBC-HS512` and `A256GCM`.

Code Samples

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content details when a response has been received.

```java
// Placeholder bytes; in practice this is the cipher text returned by the encrypt operation.
byte[] ciphertextBytes = new byte[100];
new Random(0x1234567L).nextBytes(ciphertextBytes);

// Must be the same IV that was used when the content was encrypted.
byte[] iv = {
    (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd,
    (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04
};

DecryptParameters decryptParameters = DecryptParameters.createA128CbcParameters(ciphertextBytes, iv);

cryptographyAsyncClient.decrypt(decryptParameters)
    .contextWrite(Context.of("key1", "value1", "key2", "value2"))
    .subscribe(decryptResult ->
        System.out.printf("Received decrypted content of length: %d.%n", decryptResult.getPlainText().length));
```

Parameters:
- `decryptParameters` - The parameters to use in the decryption operation.

Returns:
- A `Mono` containing the decrypted blob.

Throws:
- `NullPointerException` - If `algorithm` or `ciphertext` are `null`.
- `com.azure.core.exception.ResourceNotFoundException` - If the key cannot be found for decryption.
- `UnsupportedOperationException` - If the decrypt operation is not supported or configured on the key.

public Mono<SignResult> sign(SignatureAlgorithm algorithm, byte[] digest)
Requires the `keys/sign` permission for non-local operations.

The signature algorithm indicates the type of algorithm to use to create the signature from the digest. Possible values include: `ES256`, `ES384`, `ES512`, `ES256K`, `PS256`, `PS384`, `PS512`, `RS256`, `RS384` and `RS512`.

Code Samples

Signs the digest. Subscribes to the call asynchronously and prints out the signature details when a response has been received.

```java
byte[] data = new byte[100];
new Random(0x1234567L).nextBytes(data);

// sign() takes a digest, not the raw data; ES256 is paired with SHA-256.
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(data);
byte[] digest = md.digest();

cryptographyAsyncClient.sign(SignatureAlgorithm.ES256, digest)
    .contextWrite(Context.of("key1", "value1", "key2", "value2"))
    .subscribe(signResult ->
        System.out.printf("Received signature of length: %d, with algorithm: %s.%n",
            signResult.getSignature().length, signResult.getAlgorithm()));
```

Parameters:
- `algorithm` - The algorithm to use for signing.
- `digest` - The content from which signature is to be created.

Returns:
- A `Mono` containing a `SignResult` whose signature contains the created signature.

Throws:
- `NullPointerException` - If `algorithm` or `digest` is `null`.
- `com.azure.core.exception.ResourceNotFoundException` - If the key cannot be found for signing.
- `UnsupportedOperationException` - If the sign operation is not supported or configured on the key.

public Mono<VerifyResult> verify(SignatureAlgorithm algorithm, byte[] digest, byte[] signature)
Requires the `keys/verify` permission for non-local operations.

The signature algorithm indicates the type of algorithm to use to verify the signature. Possible values include: `ES256`, `ES384`, `ES512`, `ES256K`, `PS256`, `PS384`, `PS512`, `RS256`, `RS384` and `RS512`.

Code Samples

Verifies the signature against the specified digest. Subscribes to the call asynchronously and prints out the verification details when a response has been received.

```java
byte[] myData = new byte[100];
new Random(0x1234567L).nextBytes(myData);

// verify() takes a digest, computed with the same hash that was used when signing.
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
messageDigest.update(myData);
byte[] myDigest = messageDigest.digest();

// A signature can be obtained from the SignResult returned by the CryptographyAsyncClient.sign() operation.
cryptographyAsyncClient.verify(SignatureAlgorithm.ES256, myDigest, signature)
    .contextWrite(Context.of("key1", "value1", "key2", "value2"))
    .subscribe(verifyResult ->
        System.out.printf("Verification status: %s.%n", verifyResult.isValid()));
```

Parameters:
- `algorithm` - The algorithm to use for signing.
- `digest` - The content from which signature was created.
- `signature` - The signature to be verified.

Returns:
- A `Mono` containing a `VerifyResult` indicating the signature verification result.

Throws:
- `NullPointerException` - If `algorithm`, `digest` or `signature` is `null`.
- `com.azure.core.exception.ResourceNotFoundException` - If the key cannot be found for verifying.
- `UnsupportedOperationException` - If the verify operation is not supported or configured on the key.

public Mono<WrapResult> wrapKey(KeyWrapAlgorithm algorithm, byte[] key)
Requires the `keys/wrapKey` permission for non-local operations.

The wrap algorithm indicates the type of algorithm to use for wrapping the specified key content. Possible values include: `RSA1_5`, `RSA_OAEP` and `RSA_OAEP_256`. Possible values for symmetric keys include: `A128KW`, `A192KW` and `A256KW`.

Code Samples

Wraps the key content. Subscribes to the call asynchronously and prints out the wrapped key details when a response has been received.

```java
// Sample bytes from a seeded java.util.Random so the run is repeatable.
// Real key material must come from a CSPRNG such as SecureRandom.
byte[] key = new byte[100];
new Random(0x1234567L).nextBytes(key);

cryptographyAsyncClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, key)
    .contextWrite(Context.of("key1", "value1", "key2", "value2"))
    .subscribe(wrapResult ->
        System.out.printf("Received encrypted key of length: %d, with algorithm: %s.%n",
            wrapResult.getEncryptedKey().length, wrapResult.getAlgorithm().toString()));
```

Parameters:
- `algorithm` - The encryption algorithm to use for wrapping the key.
- `key` - The key content to be wrapped.

Returns:
- A `Mono` containing a `WrapResult` whose encrypted key contains the wrapped key result.

Throws:
- `NullPointerException` - If `algorithm` or `key` are `null`.
- `com.azure.core.exception.ResourceNotFoundException` - If the key cannot be found for wrap operation.
- `UnsupportedOperationException` - If the wrap operation is not supported or configured on the key.

public Mono<UnwrapResult> unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey)
Requires the `keys/unwrapKey` permission for non-local operations.

The wrap algorithm indicates the type of algorithm to use for unwrapping the specified encrypted key content. Possible values for asymmetric keys include: `RSA1_5`, `RSA_OAEP` and `RSA_OAEP_256`. Possible values for symmetric keys include: `A128KW`, `A192KW` and `A256KW`.

Code Samples

Unwraps the key content. Subscribes to the call asynchronously and prints out the unwrapped key details when a response has been received.

```java
// Sample bytes from a seeded java.util.Random so the run is repeatable.
// Real key material must come from a CSPRNG such as SecureRandom.
byte[] keyToWrap = new byte[100];
new Random(0x1234567L).nextBytes(keyToWrap);

// Wrap first, then unwrap the result in the same reactive chain.
cryptographyAsyncClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToWrap)
    .contextWrite(Context.of("key1", "value1", "key2", "value2"))
    .flatMap(wrapResult ->
        cryptographyAsyncClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, wrapResult.getEncryptedKey()))
    .subscribe(keyUnwrapResult ->
        System.out.printf("Received key of length: %d.%n", keyUnwrapResult.getKey().length));
```

Parameters:
- `algorithm` - The encryption algorithm to use for wrapping the key.
- `encryptedKey` - The encrypted key content to unwrap.

Returns:
- A `Mono` containing an `UnwrapResult` whose decrypted key contains the unwrapped key result.

Throws:
- `NullPointerException` - If `algorithm` or `encryptedKey` are `null`.
- `com.azure.core.exception.ResourceNotFoundException` - If the key cannot be found for wrap operation.
- `UnsupportedOperationException` - If the unwrap operation is not supported or configured on the key.

public Mono<SignResult> signData(SignatureAlgorithm algorithm, byte[] data)
Requires the `keys/sign` permission for non-local operations.

The signature algorithm indicates the type of algorithm to use to sign the digest. Possible values include: `ES256`, `ES384`, `ES512`, `ES256K`, `PS256`, `PS384`, `PS512`, `RS256`, `RS384` and `RS512`.

Code Samples

Signs the raw data. Subscribes to the call asynchronously and prints out the signature details when a response has been received.

```java
byte[] data = new byte[100];
new Random(0x1234567L).nextBytes(data);

// signData() takes the raw data rather than a precomputed digest.
cryptographyAsyncClient.signData(SignatureAlgorithm.ES256, data)
    .contextWrite(Context.of("key1", "value1", "key2", "value2"))
    .subscribe(signResult ->
        System.out.printf("Received signature of length: %d, with algorithm: %s.%n",
            signResult.getSignature().length, signResult.getAlgorithm()));
```

Parameters:
- `algorithm` - The algorithm to use for signing.
- `data` - The content from which signature is to be created.

Returns:
- A `Mono` containing a `SignResult` whose signature contains the created signature.

Throws:
- `NullPointerException` - If `algorithm` or `data` is `null`.
- `com.azure.core.exception.ResourceNotFoundException` - If the key cannot be found for signing.
- `UnsupportedOperationException` - If the sign operation is not supported or configured on the key.

public Mono<VerifyResult> verifyData(SignatureAlgorithm algorithm, byte[] data, byte[] signature)
Requires the `keys/verify` permission for non-local operations.

The signature algorithm indicates the type of algorithm to use to verify the signature. Possible values include: `ES256`, `ES384`, `ES512`, `ES256K`, `PS256`, `PS384`, `PS512`, `RS256`, `RS384` and `RS512`.

Code Samples

Verifies the signature against the raw data. Subscribes to the call asynchronously and prints out the verification details when a response has been received.

```java
byte[] myData = new byte[100];
new Random(0x1234567L).nextBytes(myData);

// A signature can be obtained from the SignResult returned by the CryptographyAsyncClient.sign() operation.
// verifyData() takes the raw data rather than a precomputed digest.
cryptographyAsyncClient.verifyData(SignatureAlgorithm.ES256, myData, signature)
    .contextWrite(Context.of("key1", "value1", "key2", "value2"))
    .subscribe(verifyResult ->
        System.out.printf("Verification status: %s.%n", verifyResult.isValid()));
```

Parameters:
- `algorithm` - The algorithm to use for signing.
- `data` - The raw content against which signature is to be verified.
- `signature` - The signature to be verified.

Returns:
- A `Mono` containing a `VerifyResult` indicating the signature verification result.

Throws:
- `NullPointerException` - If `algorithm`, `data` or `signature` is `null`.
- `com.azure.core.exception.ResourceNotFoundException` - If the key cannot be found for verifying.
- `UnsupportedOperationException` - If the verify operation is not supported or configured on the key.
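
The `sign` and `verifyData` operations documented above, combined into one round trip as an added example (not part of the original documentation or the SDK's own samples): it signs a locally computed SHA-256 digest, verifies against the raw data, and turns an invalid result into an error signal so a `false` cannot be silently ignored. It assumes `<your-key-id>` identifies an EC P-256 key that permits sign and verify; the class and method names are hypothetical.

```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient;
import com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder;
import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm;
import reactor.core.publisher.Mono;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;

public class SignVerifyExample {
    // sign() takes a digest: hash locally with SHA-256, the hash paired with ES256,
    // so only the 32-byte digest is handed to the client.
    static Mono<byte[]> signDigest(CryptographyAsyncClient client, byte[] data) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        return client.sign(SignatureAlgorithm.ES256, digest).map(result -> result.getSignature());
    }

    // verifyData() takes the raw data. Emits the data only when the signature is valid;
    // an invalid signature becomes an error instead of a boolean the caller might not check.
    static Mono<byte[]> verifiedData(CryptographyAsyncClient client, byte[] data, byte[] signature) {
        return client.verifyData(SignatureAlgorithm.ES256, data, signature)
            .flatMap(result -> result.isValid()
                ? Mono.just(data)
                : Mono.<byte[]>error(new SignatureException("signature does not match data")));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        CryptographyAsyncClient client = new CryptographyClientBuilder()
            .keyIdentifier("<your-key-id>") // placeholder: an EC P-256 key allowing sign/verify
            .credential(new DefaultAzureCredentialBuilder().build())
            .buildAsyncClient();
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "constructed sample messagE".getBytes(StandardCharsets.UTF_8);

        byte[] signature = signDigest(client, message).block();
        verifiedData(client, message, signature).block(); // completes: digest and raw-data paths agree
        boolean rejected = verifiedData(client, tampered, signature)
            .map(data -> false)
            .onErrorReturn(SignatureException.class, true)
            .block();
        System.out.println("Tampered message rejected: " + rejected);
    }
}
```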
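
One common use of the `wrapKey` and `unwrapKey` operations documented above, as an added example that is not part of the original documentation: envelope encryption, where the data is encrypted locally with a one-time AES-256-GCM key and only that key is passed to the client for wrapping. It assumes `<your-key-id>` identifies an RSA key that permits wrapKey and unwrapKey, and Java 16 or later for records; `Envelope`, `seal` and `open` are hypothetical names.

```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient;
import com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder;
import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm;
import reactor.core.publisher.Mono;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;

public class EnvelopeEncryptionExample {
    // Hypothetical record of what gets stored: wrapped data key, GCM nonce, ciphertext with tag.
    record Envelope(byte[] wrappedKey, byte[] nonce, byte[] ciphertext) { }

    // Encrypts locally with a one-time AES-256 key, then wraps only that key with the configured key.
    static Mono<Envelope> seal(CryptographyAsyncClient kek, byte[] plaintext) throws GeneralSecurityException {
        SecureRandom random = new SecureRandom();
        byte[] dataKey = new byte[32], nonce = new byte[12];
        random.nextBytes(dataKey);
        random.nextBytes(nonce);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(dataKey, "AES"), new GCMParameterSpec(128, nonce));
        byte[] ciphertext = aes.doFinal(plaintext);
        return kek.wrapKey(KeyWrapAlgorithm.RSA_OAEP_256, dataKey)
            .map(wrapped -> new Envelope(wrapped.getEncryptedKey(), nonce, ciphertext));
    }

    // Unwraps the data key, then decrypts; a wrong key or modified ciphertext fails the GCM tag check.
    static Mono<byte[]> open(CryptographyAsyncClient kek, Envelope envelope) {
        return kek.unwrapKey(KeyWrapAlgorithm.RSA_OAEP_256, envelope.wrappedKey()).map(unwrapped -> {
            try {
                Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
                aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(unwrapped.getKey(), "AES"),
                    new GCMParameterSpec(128, envelope.nonce()));
                return aes.doFinal(envelope.ciphertext());
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException("envelope could not be decrypted", e);
            }
        });
    }

    public static void main(String[] args) throws GeneralSecurityException {
        CryptographyAsyncClient kek = new CryptographyClientBuilder()
            .keyIdentifier("<your-key-id>") // placeholder: an RSA key allowing wrapKey/unwrapKey
            .credential(new DefaultAzureCredentialBuilder().build())
            .buildAsyncClient();
        byte[] message = "constructed sample record".getBytes(StandardCharsets.UTF_8);
        byte[] roundTrip = seal(kek, message).flatMap(envelope -> open(kek, envelope)).block();
        System.out.println(new String(roundTrip, StandardCharsets.UTF_8));
    }
}
```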